Financial Markets Regulatory Outlook 2018

Bringing it all together

Deloitte UK's annual assessment from Deloitte’s EMEA Centre for Regulatory Strategy explores how major regulatory trends will shape the financial services industry in the year ahead and provides solutions to guide leaders in effectively navigating the changes.

Explore Content

Executive summary

The European financial services industry faces considerable strategic challenges in 2018. There is a large volume of implementation work being carried out, alongside uncertainties around the future shape of regulation. And though many initiatives have their roots in the financial crisis (now ten years past), others – such as work to address cyber resilience, Brexit, and Open Banking – reflect more recent concerns. Click the headings below to read the full executive summary or scroll down to explore the issues in detail.

The Outlook at a glance

Looking at the breadth of topics covered in this year’s Regulatory Outlook, we are struck by a number of common threads that emerge from the detail.

The industry faces many resource constraints and numerous competing priorities. With business models already under pressure, it can be difficult for regulated firms to do the bare minimum, let alone invest to become best in class.

There is considerable uncertainty across the board: the outcome of Brexit remains unknown, there are important regulatory technical standards outstanding in several areas, and the impact of new rules on markets will take time to play out.

The ecosystem of financial services is changing. MiFID II will intentionally overhaul the trading landscape, but old and new players will forge different types of connection, particularly through technological innovation and third party service providers. The shape of markets is changing, and with this the nature of risk in the system.

Technology provides opportunities to do old things better and to introduce new products, services and ways of working. But it also creates risks for firms whose business models will be challenged, and risks for consumers where its use is not well understood or controlled.

Customers’ relationships with firms are changing. Firms are looking to use customer data in novel ways, but customers are also set to gain stronger rights over how their data is used, while new technologies are enabling new types of interactions between customers, firms and third parties.

How individual firms respond to these issues will dictate who will succeed and who will struggle in the years ahead.

Regulatory strategy in 2018

We have identified seven thematic issues of strategic significance for all sectors of the European financial services industry in 2018, alongside a number of additional sector-specific issues.

Our cross-sector themes span a wide range of issues. 2018 is a year of multiple regulatory deadlines, including MiFID II, PSD II and GDPR, and our first theme examines industry’s efforts to “get over the line” in terms of compliance. Our second theme is Brexit, and we set out what industry will need to do against a backdrop of political and regulatory uncertainty. Third, we look at the business model challenges posed by the macro-economic environment, competition initiatives, and regulatory change. Fourth, we examine whether and how industry efforts to utilise customer data in novel ways can be reconciled with new data protection rules and supervisory expectations of the fair treatment of customers. Fifth, we observe significantly higher supervisory expectations and approaches regarding the treatment of vulnerable customers. Sixth, we consider the ever-present threat posed by cyber attacks,
and the increasing supervisory emphasis on cyber resilience. Last, but not least, we assess the evolving landscape for model risk management in an environment in which a large proportion of assets in the financial system, and the level of capital supporting them, are managed using approved internal models.

Beyond our cross-sector chapters, we also highlight a number of issues we consider to be “supervisory constants”. These remain the core priorities and activities of supervisors. Although we do not see major new formal policy initiatives emerging in 2018, these issues should nevertheless be given the attention they deserve by firms owing to the high importance placed on them by supervisors.

Supplementing these, we present our views of a number of strategically significant sector-specific issues:

Banks must contend with slow progress on the prudential framework, the intersection of IFRS 9, stress testing and
other requirements, evolving resolvability expectations, and the instigation of the “open banking” era.

Capital markets will respond to and be shaped by the introduction of MiFID II, particularly in terms of the trading landscape, data and reporting, and best execution.

Insurers are grappling with continuing regulatory change in the context of technological disruption, a persistent soft market and a continued low yield environment that is necessitating changes in asset strategies, business models and risk appetite. They also face challenges in delivering the product innovation needed to meet changing customer needs.

Investment managers’ business models are being scrutinised, with the margin between passive and active fund fees set to be squeezed. They also face the prospect of continuing supervisory review and potential intervention to address systemic risk concerns.

Explore the findings

Select issues and sectors of interest to receive a customised output of our analysis.

Cross-sector issues

Meeting deadlinesMeeting multiple regulatory deadlines: getting over the lineThe focus on meeting multiple regulatory deadlines in 2018 will come with a significant opportunity cost – firms will not have been able to exploit synergies to the full, will have diverted resources from other strategic priorities and will likely have to undertake significant remediation work post-deadline to make compliance efficient and effective. Read more...

Some implementation work will overrun regulatory deadlines, with firms having to adopt tactical approaches to compliance due to resource pressures. Firms need to act swiftly to identify areas where they may be at risk of not being fully compliant and plan accordingly, including documenting how and by when they will achieve full compliance.

In some areas, coordinated implementation is a necessity. In particular, GDPR and PSD II programmes should be coordinated to help determine integral issues such as which party will be responsible for obtaining consent from customers, to allow banks to share their payment data with TPPs under PSD II. Success more broadly will mean identifying and exploiting non-obligatory synergies between regulations, such as MiFID II and PRIIPs overlaps around costs and charges.

Firms should not assume that regulators and supervisors will refrain from early use of enforcement powers across all regulations that go live in 2018, notwithstanding indications from a small number of regulators that they will adopt a pragmatic approach to early post-implementation supervision of MiFID II. This is especially true in areas which are likely to be high priority for supervisors, such as transaction reporting, best execution, investor protection, costs and charges transparency, and data protection.

Firms will have to make ongoing changes to implementation plans in 2018 to ensure that they are working towards strategic solutions that will deliver optimal operating models. This will also allow them to adapt their solutions as they go. Supervisors are likely to monitor progress and identify areas for remediation.

BrexitPreparing for business post-BrexitFirms and supervisors will continue preparing for Brexit in a world of uncertainty, where the detail of both political and regulatory developments will be unveiled during the course of the negotiation period.Read more...

Those firms operating in the UK that need to ensure continued EU market access will start building their presence in EU27 countries on a sliding scale of intensity throughout 2018. Restructurings will not be completed in 2018, but will occur in waves over a number of years, depending on the final terms of any market access agreement between the UK and the EU.

It remains unclear whether a transitional period will be agreed; even if one is, we expect firms to press ahead with aspects of their plans, including new authorisations and model approvals. Given time pressures and the risk of process logjam for regulatory authorisation, firms should be proactive in anticipating and responding to likely areas of supervisory review and enquiry.

We expect legislative (or equivalent) solutions to the issue of cross-border derivative and insurance contracts in order to maintain financial stability and consumer protection.

Banks and capital markets firms will have to keep a close eye on continuing legislative and regulatory change, including revisions to EMIR relating to the supervision of CCPs, the IPU proposals in CRD V/CRR II, the new prudential framework for investment firms, and what – if anything – is put forward for inclusion in future revisions to MiFID.

Insurers will need to focus on Solvency II. The UK will not depart from Solvency II in 2018, but the PRA will examine ways of streamlining its implementation, for instance in relation to data collection and model change approval. The PRA will give serious consideration to a unilateral early change to the calculation of the risk margin for UK firms.

Investment managers should closely monitor any movement on the issue of delegating portfolio management to non-EU countries in the UCITS and AIFMD reviews.

We expect to see a continuing strong pan-European drive for consistent supervisory treatment of relocating firms, led by the ESAs and the ECB. There will be a strong element of “learning by doing” such that supervisors’ expectations will evolve as they understand better the specific challenges in relation to restructuring work and related authorisations.

In the UK, we expect the PRA and FCA to clarify their approach to the treatment of branches of EEA firms carrying out wholesale banking and insurance business in the UK post-Brexit. If agreements on regulatory cooperation between the PRA and EU27 supervisors are not in sight by the time of PRA’s announcement of its approach, the possibility of such branches being required to subsidiarise cannot be discounted.

Business modelsBusiness models under the supervisory spotlightThe macro-economic environment, competitive forces and regulatory change continue to put pressure on traditional business models across the financial services industry, and in some cases are driving changes to business models and risk appetite. Read more...

The sources of business model challenges are varied. They include the potential loss of market share and restructuring of value chains owing to new entrants using new technologies; failure to deal with legacy problem assets; overcapacity or intense competition; and regulatory-mandated business model changes. The persistent combination of regulatory change and low interest rates has generally eroded profitability and the capacity of some firms to weather further challenges.

Supervisory business model analysis has played a more prominent role in supervisory activity in 2017 and this will intensify in 2018. Business strategy will become an important lens through which supervisors will view the competence and effectiveness of the board and senior management. Supervisors will expect the board and senior management team to demonstrate tangible improvement in the quality of debate and discussion on business strategy and its risk implications, and the quality of data to inform that debate.

Supervisors are not in the business of directing firms’ business strategies or models but the insights they have gained through business model analysis are leading them to challenge extensively on these fronts, as well as prompting supervisory work across a range of other areas. And although supervisors are not looking to force fundamental changes to firms’ strategies or product offerings, they will intervene at the level of individual legal entities within group structures (for instance in relation to booking model concerns).

Conduct rules aimed at enhancing consumer protection will affect product distribution. Revenue streams will come under pressure as provisions on inducements, conflicts of interests, and remuneration of salespeople come into effect. Product ranges will be scaled back in response to tougher product governance requirements on complex products, and distribution networks (particularly for insurance broking) may diminish in some countries as smaller intermediaries struggle with the weight of regulatory requirements.

Firms need to develop their own internal capacity to analyse their business model and its vulnerabilities, including by drawing on analysis carried out for supervisory exercises such as stress testing. They also need to continue to facilitate supervisory investigations: the ECB’s 2017 horizontal review of business models created substantial data requests. Internal coordination is critical to ensure timely and accurate data provision, as well as consistency with other supervisory submissions.

Data protection and innovationData protection and innovation: ensuring good customer outcomesAgainst a backdrop of increasing concerns about the use of personal data and data privacy, firms can expect greater supervisor scrutiny of their approaches to their use of, and controls over, personal data. Read more...

GDPR will serve as a catalyst for regulators to increase scrutiny of wholesale automated processing of customers’ personal data. Firms are increasingly using advanced analytics and AI solutions to design tailored services and products that better suit customers’ needs, and also to determine customers’ individual risk profiles more effectively. Being able to leverage these technologies is predicated on the availability of large sets of relevant customer data, whether privately held or publicly available. As GDPR goes live, firms’ ability to use customers’ data while remaining compliant with data protections requirements will be tested.

GDPR will give consumers additional rights to understand and take control of how firms are using their personal data. Firms whose business models rely on wholesale processing of customers’ personal data will need to prepare appropriately before May 2018. This means being able to satisfy supervisors once supervisory programmes start, and importantly, also to respond to customers’ enquiries in a meaningful, transparent and understandable manner.

To be in a defensible position by GDPR’s May 2018 implementation deadline, firms need to complete DPIAs and, if necessary, have a remediation plan in place. More generally, firms should adopt the principles of algorithmic accountability and auditability – these require firms to have organisational and technical processes in place to demonstrate, and for third parties to be able to check and review, that an algorithm is compliant with data protection requirements. Last, but not least, firms will also need to ensure the data used for the processing meets the test of being lawful to use and free of bias.

GDPR will require a gear shift in relationships with data protection supervisory authorities, both at firm and industry level. This means that in several EU jurisdictions firms will need to establish more structured and appropriately funded regulatory affairs teams to conduct regular briefings with the data protection supervisory authorities to discuss their organisational data privacy strategy and any high-risk automated data processing being planned.

However, compliance with GDPR is not the end of the story. Data protection issues provide practical examples of how FinTech is blurring the lines between financial services regulation and other policy domains. Financial services supervisors should and will pay particular attention to any unintended consequences of the automated processing of large sets of data and what it means for financial exclusion, discrimination and protection of vulnerable customers. Regulatory affairs teams should be prepared to discuss their firms’ use of customers’ data from the perspectives of both financial services supervisors and data privacy authorities.

Vulnerable customersBroadening the perspective on customer vulnerabilityRegulators are increasingly recognising that legislation, products and services are often built for the “average” consumer, and that while these work satisfactorily for many, supervisors nonetheless need to focus on certain consumer groups whose situational vulnerability may leave them less able to secure their own interests and hence at greater risk of suffering poor outcomes. Read more...

In the light of past episodes of widespread misconduct, we see a general shift in conduct supervision strategy. Whilst emphasising firms’ obligations to treat all customers fairly as a starting point, conduct supervisors increasingly look to focus their resources on groups of customers at greatest risk of potential detriment. “Consumer vulnerability” is more overtly used as a notion and operating principle in certain jurisdictions, but the shift is taking hold more broadly.

Regulatory understanding of customer vulnerability is broadening to recognise that an individual’s vulnerability is dynamic and a function of many variables, including financial capability, financial resilience, health, age, and life events, which change with circumstances and situations. Firms will be expected to assess their customer base specifically in this light, so as to identify customer groups at heightened risk of loss. They will also need to keep track of these factors over time, given that changing life circumstances can create vulnerability later in the customer journey.

Firms need to adapt to this broader definition of vulnerability and factor it into their governance and interactions with customers. Supervisors will expect firms to review and enhance their processes for the design, distribution and monitoring of their products and services. In particular, supervisors will expect firms to consider the roles of systems, processes and controls to address risks of consumer detriment across product design and approval, communications, systems, monitoring and MI, training, and documentation. Building in the capability to monitor vulnerability factors over time, ensuring clear communications and ease of access, and maintaining records evidencing the reasoning behind decisions, will be crucial.

Strong board and senior executive engagement will be needed. Vulnerability will feature with increasing prominence in supervisory dialogue with boards and senior management, with an emphasis on how firms’ strategies are being reviewed and adjusted in response to changes in customers’ behaviour and needs. The needs of specific customer groups and risks of exclusion should be considered explicitly by firms when developing new distribution strategies or new technology.

Enhanced data analytics will help firms respond to this supervisory challenge by providing powerful new capabilities to identify, analyse and respond to the risks and causes of vulnerability. In particular, data and voice analytics will allow firms to analyse their customer interactions at a detailed level provided they remain on the right side of the evolving framework for data privacy and protection.

Cyber resilienceIntensifying supervisory focus on cyber risk and resilienceThe regulatory focus on the heightened cyber risks created by technological change and increasingly digital business models is not new. In 2018, however, we will start to see regulators flex their muscles and begin to articulate clearer priorities for what firms need do to prepare for cyber threats. Read more...

A successful cyber attack on a systemically important bank or financial market infrastructure could threaten financial stability, and the heightened risk of such an event is prompting a new level of regulatory and supervisory scrutiny. Supervisors will adopt a broader perspective than that of individual firms, which have typically been focused on their own resilience and protection of their customers. The increasing interconnections between financial services firms and their outsourcing partners – particularly technology partners – will change the nature of the cyber threat and its systemic risk implications, raising questions about how to deal with potentially jointly owned systemic risks, especially in a cross-border context.

2018 will see regulators (most notably the BoE and ECB) issue a range of new standards on cyber security in financial services, building on earlier pilot programmes around resilience testing, and expanding into newer areas such as threat intelligence sharing. Firms in all sectors will face increased pressure to show that their controls and individual recovery plans have been robustly developed and thoroughly tested against sufficiently severe scenarios, requiring them to build on existing investments in cyber defences.

European banking supervisors will increasingly make firm-specific interventions where deficiencies in cyber risk identification or management are found; fines and even capital charges will be part of a growing supervisory toolkit. The application of the EBA’s new Guidelines on ICT risk within the SREP may result in additional (Pillar 2) capital requirements for unaddressed deficiencies in cyber risk management. Additional capital may do little to protect a firm against cyber risk or shorten its recovery times, but it will incentivise Board action to deal with underlying deficiencies.

Insurance supervisors will be alert to the potential risks arising from cyber insurance underwriting practices. Underwriting and reserving are likely to come under closer specific stress testing and scrutiny from prudential supervisors, with EIOPA having indicated that it will look to incorporate qualitative elements relating to cyber risk in its 2018 stress test. Conduct supervisors, on the other hand, will be alert for signs, either from complaints or from litigation, that policyholders have concerns about having been sold policies which did not cover them adequately for the cyber events to which they were subject.

Finding people with the right experience in both IT resilience in general and cyber resilience in particular will continue to be challenging for financial institutions. As part of the solution to establish clear accountability for cyber resilience within their governance structures, firms should be able to articulate the relationship between the CRO, Chief Information Security Officer and the Board in planning for and dealing with threats.

Oversight of internal modelsInternal models: complexity, supervision and oversight2018 will see a concerted push from national and supranational regulators on the risks posed by capital and other models to firms and the financial system. Read more...

Internal models are used to calculate a substantial proportion of the capital requirements of financial services firms. In the EU banking sector around half of credit risk capital requirements are generated through IRB approaches. Many insurers have applied for supervisory approval of internal capital models since the 2016 introduction of Solvency II.

Regulators in Europe continue to see value in modelling as a part of the regulatory framework, albeit with differing levels of enthusiasm. But there are concerns as to whether models are fulfilling their intended role in adequately capturing and calibrating risks, and whether they are creating inappropriate incentives for firms. There are also concerns as to whether these risks are well understood and managed by Boards and senior executives.

Firms need to demonstrate that they have considered the inherent limitations of their models and that they understand the circumstances in which key model assumptions and dependencies might break down.

TRIM fieldwork will be substantially completed by the end of 2018, and some banks will be expected to carry out remedial work. EIOPA will also issue further guidance in 2018 on internal model convergence, helping to set methodological and quantitative expectations for insurers’ approved internal models.

SSM benchmarking and Solvency II reporting data will provide extensive information for supervisors, enabling them to analyse the results of internal models across the industry and to target differences in model treatment. The use of hard floors or “guard rails” on model results is likely to be considered for the insurance sector; these are similar in concept to the output floor currently being so hotly debated in the BCBS.

Firms’ broader model risk management frameworks will also come under increased scrutiny. Firms will need to demonstrate that they have identified all models generating material risk, and that they have a clear understanding of risks posed to their organisations by their models, including those outside the scope of regulatory approval.

To prepare for this regulatory drive, firms using internal models should focus on effective governance and oversight. A lack of transparency around how conclusions have been reached will raise serious supervisory concerns. Directors will be expected to have, at a minimum, a sound conceptual understanding of model limitations and of judgmental factors, particularly those that “shift the dial”.

Regulatory and supervisory constantsAt the heart of supervisionThere are innumerably more regulatory and supervisory issues for financial services firms and their Boards and senior management teams than we have space to do justice to in this document. This is, emphatically, not to diminish their importance, either for regulators or for firms. In this section we draw out core supervisory issues that will continue to form a crucial part of “business as usual” supervision. Read more...

Governance and culture: Recent episodes of repeated and severe misconduct will sustain regulatory momentum and focus on improving the culture and governance of financial services firms. Regulators will look to ensure that the right values and cultural attitudes are in place at all operating levels within a firm, starting with the board itself, and that remuneration and incentives underpin this.

Conduct risk: Conduct supervision will continue to proceed under its overarching themes of fair treatment of customers and ensuring that products are sold in a way that is clear, fair and not misleading, while competition perspectives will inform reviews of charges. There will also be increased appetite for direct product intervention where supervisors judge that market failure is occurring such that consumers are unable to make reasonable decisions.

Data and reporting: We expect supervisors to keep up the pressure in 2018. Part of this will stem from new data initiatives covered elsewhere in this document, and part will be from the continuing drive by supervisors for more granular and higher quality data to support stress testing and other initiatives. There is also a need for greater confidence in the quality of data to enable firms and supervisors to take best advantage of the “big data” analytical techniques that are increasingly prevalent.

Disclosure: We continue to await the PRA’s discussion paper on possible disclosures of elements of banks’ and insurers’ regulatory returns; depending on the proposed approach this could set a new direction across EMEA. The Taskforce on Climate-Related Disclosure reports will also continue its work through to September 2018, and will look to encourage adoption of its recommendations.

Remuneration: Remuneration continues to be in the spotlight, with much of the focus shifting to ensuring the appropriate application of rules, rather than the introduction of new frameworks, although new remuneration rules under MiFID II and European guidelines on variable pay for customer-facing staff in retail banking come into force in 2018. Regulatory expectations on pay structures continue to evolve, in particular in relation to risk adjustment, malus and clawback.

Risk appetite: We expect the supervisory focus on risk appetite in financial services firms to continue. Supervisors increasingly view a fully implemented RAF as a prerequisite for effective governance and proper translation of strategy into business activity; firms’ dialogues with supervisors in these and other areas will need to be rooted firmly in the implications for risk appetite.

Sector-specific issues

Bank prudential agenda - BankingThe prudential framework: slow progressFurther progress will be made in finalising the post-crisis prudential framework, but the slow speed of negotiations and variable implementation around the world will mean that uncertainty over its long-term impact on banks’ business models and product lines will persist. Read more...

The BCBS has agreed on the finalisation of Basel III, but the impact of these rules on industry will remain unclear as the EU will not propose legislation for them until 2019 at the earliest. The EU continues to negotiate its “Risk Reduction Package” (which includes CRD V/CRR II) and is unlikely to conclude those negotiations in 2018. This will lengthen the delays in implementing already-agreed elements of the Basel framework, such as the NSFR.

EU legislators are also showing a growing willingness to depart from international standards in terms of the content, sometimes by proposing substantial discounts to capital requirements, such as those for market risk.

A more uneven regulatory environment will create additional costs and complexity, and designing regulatory capital models based on Basel standards will become more difficult as those models will run a greater risk of falling out of alignment with the rules that are eventually implemented by EU and national regulators.

Banks need to respond to the challenge of fragmentation in the prudential agenda by designing solutions that enhance their ability to meet regulatory demands flexibly and understand their impact quickly. One (and perhaps the only) upside from the delays that are becoming apparent for many parts of the Basel agenda are that they give banks the opportunity to refine their implementation programmes and to invest in capabilities and technologies that support these efforts.

More broadly, banks should be thinking about investments that will help them better cope with a long and difficult period of prudential rules implementation that is due to stretch well into the next decade. Efficiently implementing these rules is only one part of the challenge – the other is being able to form a granular and forward-looking view of their impact on various product lines and geographies in order to make better business sustainability decisions, as well as to develop the business model agility needed to respond successfully to the challenges.

IFRS 9, stress tests, NPLs and disclosure – BankingThe intersection of IFRS 9, stress tests, NPLs and disclosureBanks are having to deal with the simultaneous introduction of new accounting rules, an intensifying focus on asset quality and NPLs, an evolving stress testing framework, and a possible hardening of supervisory attitudes towards the use of internal models. Read more...

2018 is the first year in which banks are required to use IFRS 9. The new accounting standard will have significant knock-on implications for a variety of prudential issues, most notably capital requirements and stress testing. Its introduction sits alongside intensifying work to address NPL stocks in the Banking Union, and the business end of the ECB’s TRIM exercise.

The consensus for the impact of IFRS 9 on capital numbers is in the region of 40bps CET1 reduction (although this will vary significant between banks), albeit mitigated by the transitional arrangements that have been fast-tracked through the EU legislative process just in time to be applied from January. The capital impact of IFRS 9 will vary significantly depending on variations in the economic cycle, and will introduce new volatility into capital numbers.

Investors will take some time to come to terms with the impact of IFRS 9, and banks can expect significant interest in, and challenge of, their disclosures by analysts, ramping up the pressure to ensure clear and transparent disclosure and communications.

Feeding IFRS 9 numbers into stress tests and the ICAAP will also increase the demand side of the capital equation. Stress testing will become even more analytically challenging, and all other things being equal, stress testing results are likely to worsen due to the treatment of IFRS 9 impairments.

Work to address legacy NPLs in the Banking Union has transformed from a supervisory concern into a political priority. The European Commission will bring forward a package of initiatives starting in early 2018 to address NPLs, including a “blueprint” for national asset management companies to which impaired loans could be transferred, and plans for the further development of a secondary market for such loans.

Definitions of Stages 1, 2, and 3 in IRFS 9will be critical for investors and analysts to understand book quality. ECB guidance makes clear that “at least all” of banks' Stage 3 exposures under IFRS 9 will be in the scope of its framework for addressing NPLs and markets are eagerly awaiting the ECB’s update on progress on managing the current stock which is anticipated by the end of Q1.

The ECB’s TRIM exercise remains ongoing. With many on-site inspections already having been carried out, many firms have received or will soon receive feedback on the findings, which will give an indication of the remediation work needed.

This confluence of regulatory interest in internal models and the introduction of IFRS 9 underlines the need for investment in credit risk modelling and related risk management capabilities. IFRS 9 requires the development of capabilities which can leverage credit risk modelling techniques used for calculating capital under IRB methodologies, as well as macroeconomic modelling techniques which overlap with the analysis undertaken in stress tests.

Resolvability – BankingResolvability: yet to be resolved2018 will be a test of whether regulatory and political authorities are fully subscribed to the aims of the resolution agenda. Read more...

In 2017 the SRB successfully deployed resolution tools to deal with the failure of Spain’s Banco Popular, but the subsequent use of State Aid in connection with Italy’s Veneto Banco and Banca Popolare di Vicenza has dented confidence in the regime. Given the uncertainties surrounding the economic environment, and the continuing concerns about the capital adequacy of a number of EU banks, further bank failures in 2018 are possible. The next case will be critical for market perceptions of the credibility of the framework as a whole.

It is in the industry’s interests for resolution to work. According to Martin Taylor of the UK’s FPC, it is only the credibility of resolution, structural reform and enhanced supervision that stand between the UK banking system and a potential 500bps hike in capital requirements.1

We do not anticipate significant interventions by resolution authorities in 2018 to mandate structural solutions to improve resolvability – resolvability remains a long-term aim, and one that needs to be achieved alongside significant other operational burdens on the sector. But we do expect continuing work and scrutiny by resolution authorities on the practical utility of plans, and banks’ capabilities in areas such as valuation.

And while resolution authorities will not intervene significantly in legacy structures, we do expect them to have much greater influence on new structures. Brexit is a case in point, with the PRA having indicated that it views Brexit-related restructuring as a complicating factor for resolvability. We are also seeing signs of the SSM and SRB considering the resolvability of new entities that banks are proposing to establish in the EU27, particularly relating to booking models.

The EU’s proposed IPU requirement – intended to facilitate the resolvability of third country banks within the EU – will lead to yet-more structural changes in the coming years. But its final shape remains unclear, as does the potential timeline for its implementation, and the general slow pace of CRD V negotiations means we may not know a great deal more about the IPU by the end of 2018.

Open Banking – BankingThe Open Banking era beginsOpen Banking is intended to shake up the payments market by requiring banks to provide TTPs with customers’ transactional data and access to customer accounts to make payments on the customers’ behalf. But the Open Banking revolution will get off to a slow start while several regulatory questions remain to be answered. Read more...

PSD II will apply from January 2018, but firms’ compliance and strategic plans have been hampered by the lack of regulatory clarity, including the absence of a fully finalised RTS on SCA and CSC between banks and TPPs. This will make the development and adoption of new services and products across the EU slower than expected in 2018, although in the UK, where the Open Banking APIs will go live at the same time as PSD II, things should move more quickly.

Most banks will use PSD II as an opportunity to transform their digital offerings to provide new and better services to their customers. Their brand and financial strength, coupled with wide customer bases, means they are well positioned, together with established “FinTechs” and “BigTechs”, to succeed. However, while many firms have carried out some form of strategic impact assessment, most resources to date have been spent on compliance programmes, rather than on a strategic response. Indeed, in a recent Deloitte PSD II2 survey, 59% of respondents stated they considered the regime to be an opportunity for their organisation, but only half as many (32%) felt they were ready to respond strategically.

Compliance challenges will continue into next year. Banks will be required to support existing solutions, such as screen scraping, from January 2018 until the RTS on Strong Customer Authentication and Common and Secure Communication become applicable in September 2019. This places them between a rock and a hard place, as screen scraping will be difficult to reconcile with GDPR. The European Commission has signalled clearly to banks that it will take a tough line on competition issues, but banks also risk hefty fines under GDPR.

We expect banks and TPPs to overcome the lack of a specified common communication standard by coming together to define an industry standard for their market. This will increase interoperability, reduce implementation costs and time, and also ease some of the issues around customers’ consent verification and TPP identification. The UK Open Banking APIs will provide a useful model on which to proceed.

Trading landscape – Capital MarketsThe changing trading landscape and market structureMiFID II goes live on 3 January 2018, and will transform the way in which numerous products are traded in the EU’s capital markets. Read more...

MiFID II will transform the market structure for non-equities, with a significant reduction in OTC volumes in favour of transactions on venues, including MTFs and OTFs, and SIs.

The implementation of the trading obligation will disrupt current market practices by requiring equities that are admitted to trading on regulated markets or trading venues to be traded on exchanges, MTFs, equivalent third-country trading venues or SIs. Certain interest rate and credit derivatives will also be brought on to exchanges, OTFs, MTFs and equivalent third-country trading venues. Buy-side firms will transact substantially increased volumes on-venue, but not only due to the trading obligation: venues have other attractions, such as providing assistance with post-trade reporting requirements.

The absence of third country equivalence decisions presents a potential stumbling block in relation to instruments subject to the trading obligation, and for intragroup transactions that may otherwise be eligible for exemptions from the trading obligation.

The introduction of a new category of trading venue – the OTF – will bring into regulatory scope a range of facilities that were outside the scope of MiFID I, including broker crossing systems, hybrid electronic and voice broking facilities, and more. OTF operators will have discretion over execution, and must be active in bringing about transactions. As a result we expect market participants to approach OTFs for specialised orders or less liquid products.

Some large investment banks are set to become SIs, but other market participants will wait for ESMA’s market data (due six months into the new regime) before making a decision as to whether to register as an SI.

Product liquidity and standardisation will be the main influencing factor on where firms choose to execute orders – OTC, SI, or on-venue. Owing to the increasingly electronic nature of trading and greater product standardisation, volumes on MTFs will increase, while the volume on exchanges is likely to be reduced by the growth of MTFs, OTFs and SIs. In general, the size of the OTC landscape will reduce significantly for non-equities.

Data and reporting – Capital MarketsGetting the data rightA variety of factors will cause firms to consider how they collate, hold, report, and use data in 2018, with MiFID II set to provide particular challenges. Read more...

Firms will consider how they collate, hold, report, and use data in 2018 for multiple reasons. GDPR becomes directly applicable, placing unified data protection obligations on firms operating in the EU (or outside of the EU if dealing with EU resident data). New reporting requirements under the SFTR (to be implemented by 2019) will be developed. The increased number of mandatory fields, the expanded range of products in scope and the wider range of information relating to counterparties and instruments remain significant operational hurdles for the industry to clear. Some further additional challenges for firms include dual reporting concerns in multiple jurisdictions, cross-border data privacy considerations under GDPR, LEI set-up, and likely discrepancies between buy-side and sell-side reporting in areas such as trade timing.

Greater confidence in the accuracy of market data will gradually emerge in 2018, driven in part by a concerted effort by regulators for the industry to improve reporting standards. ESMA has provided early evidence of the focus on data submission accuracy in its business plan for 2018.

Over time, market participants will grasp better the use of the data to inform the price formation process, enhance surveillance system capability at firms and regulators, and improve best execution analysis.

Despite this supervisory focus, the anticipated transparency envisaged in OTC and derivative markets may be slow to materialise until data reliability can be assured. This will be compounded if early market fragmentation occurs, and the goal envisaged by regulators of more efficient price discovery may l take some time to emerge.

The success of RegTech solutions will be partly contingent on the availability of high data quality. Over time, market surveillance systems will benefit from the increased level of source data available, and firms will be better able to demonstrate that they are meeting the “sufficient steps” test of best execution obligations if basing decisions on an expanded data set.

Supervisors will also look to improve their market surveillance capabilities. Any trends toward cognitive computing and AI will be enhanced by the vastly expanded level of data availability, and rule-based surveillance systems will be supplemented by firm and individual behaviour analysis and anomaly detection.

Post-trade data reporting requirements provide an opportunity for the sell-side to realise competitive advantages by utilising the improved data offering through automation and AI technology. Leading market participants will consider where service provision can be improved for clients, for example utilising data to analyse customer trading patterns and target automatic research provision.

Best execution – Capital MarketsA more demanding best execution regimeFirms will need to test, monitor and make adjustments to their strategies for overseeing best execution, and continue to evidence that they are taking steps to deliver better client outcomes. Read more...

Firms will need to assess and optimise their execution policy on an ongoing basis, as they select venues, ways to route their clients’ orders and even providers of algorithms. The growth in the choice of venues only adds to the challenge. Firms are expected to be answerable to clients and supervisors when asked why they have chosen a particular way to route an order, and demonstrate that they have considered alternative options.

Investment firms’ publication of their top five execution venues for each asset class will increase competition among venues and incentivise them to improve service quality and lower execution costs. We expect this kind of industry-wide transparency to hold venues to higher standards of execution quality.

We foresee best execution monitoring in fixed income lagging behind that for equity trading. The lower data quality for these asset classes will cause TCAs to be less reliable in the first few months of MiFID II application. As the use of TCA increases data and reference points, we expect market participants to be able to provide more evidence for best execution.

Supervisors will be more intrusive in their scrutiny of whether firms are delivering best execution. Deficiencies in NCAs’ monitoring of best execution under MiFID I caught the attention of ESMA. ESMA will be alert to any further deficiencies in this area among NCAs, particularly given that the new definition of best execution in MiFID II raises the bar. We expect NCAs to be mindful of their experience during the first ESMA peer review and therefore more inclined to be intrusive in their supervision of whether firms are delivering best execution in 2018 and beyond.

Buy-side firms will have greater responsibility to ensure that they are receiving best execution, and they will need to leverage data and statistical analysis on execution quality from their new reporting capabilities. In the UK, for example, we expect that the FCA will look to hold senior managers responsible if a firm fails in its obligation to ensure it consistently achieves best execution, particularly in instances where senior managers have not empowered compliance staff to challenge the front office on execution quality.

Regulatory capital change – InsuranceContinuing regulatory and capital change for insurersTwo years on from the landmark regulatory changes brought about by Solvency II, reform to aspects of the prudential insurance regime is still being debated. However, 2018 will be dominated by discussions about future changes rather than implementation. Read more...

The risk margin and associated cost of capital rate are likely to attract fierce debate as part of the Solvency II review, with an increasing prospect of the UK implementing unilateral – and substantial - change in this area. EIOPA will come under intense pressure from those countries and industry participants most affected to propose a lower cost of capital rate in 2018, having suggested maintaining the current 6% rate in its consultation. EIOPA’s final position will help to frame both the subsequent debate in the EU, and, for UK insurers, the PRA’s deliberations on the future of UK insurance regulation. If EIOPA does not shift its position in favour of a lower risk margin, we expect increasing pressure on the PRA to implement unilaterally a UK-specific adjustment to the Solvency II approach.

Firms should expect a great deal of focus on the impact of Brexit on policy and regulation. Substantial change will not take place in 2018 (and may not take place at all), but firms should expect a great deal of debate on future policy and regulation. The PRA’s exercise of judgement and flexibility in implementing Solvency II will come under scrutiny, especially in relation to internal model approval, regulatory reporting and solvency for long-term insurers. This scrutiny will likely include whether the PRA’s approach in these areas is taking sufficient account of competition issues.

If implemented as agreed at the IAIS’s 2017 Annual Conference, it is far from clear that the ICS will succeed in providing a consistent and comparable international standard. Nonetheless, internationally-active groups will need to start planning time and resources to report to regulators under the standard on a market adjusted basis during the five year confidential reporting period. For insurers not already reporting on a market-consistent basis, or if the methodology or calibration of the ICS differs significantly from prevailing national standards and Solvency II, the effort required to do so could be substantial.

The implementation of the IDD will affect the business strategies and operations of firms across Europe. Firms will need to make sure their product governance and approval processes comply with the IDD, particularly the requirement that firms should ensure, on an on-going basis, that products are aligned to the interests, objectives and characteristics of their target market.

Insurers will move further into alternative investment classes and products such as infrastructure and equity release mortgages, due to low returns on “traditional” investments, and the added incentive of the liquidity premium that can be recognised through the Solvency II matching adjustment.

Although supervisors will understand in principle the business rationale behind these diversification activities, they will strengthen their challenge to boards and senior management on their understanding of the implications for risk profile and capital strength. The adequacy of sector expertise, credit risk assessment and governance, and recovery preparedness, will come under sharp scrutiny. Particular supervisory focus will attach to the credit ratings firms are assigning to illiquid assets for which there are few, if any, independent market valuation indicators.

Supervisors will be concerned that firms’ strategies are being driven overly by yield considerations alone. They will focus sharply on the risks to solvency that these strategies will pose in the event of equity or property market crashes. Firms can expect to see their “prudent person” approach expressly challenged in this regard, not least in relation to the rigour and breadth of the stress testing they have undertaken.

Reverse stress testing is also likely to be applied with greater frequency. Firms that do not satisfy supervisors on their understanding and management of riskier activities, particularly the degree of board engagement, are likely to see increasing use by regulators of independent assurance. In the 2018 EIOPA stress test, insurers should also expect their resilience to low interest rates to be tested.

Firms’ conduct will also be placed in sharp focus by supervisors concerned by the risk of customer detriment in pursuit of profitability, particularly amongst customers who are unable to protect their positions, and hence are vulnerable. Conduct supervisors will continue to focus on the suitability and marketing of more profitable products and activities (for example, add-on sales, renewals and long-term fee arrangements), and will have particular concern for consumers at increased risk of harm either through a lack of understanding and/or because their circumstances leave them little option but to purchase such products.

Despite 2017’s active hurricane season, the persistent soft market will continue to challenge insurers and supervisors in 2018. The supply of insurance risk capital is unlikely to dry up in the near term. We expect further growth in the alternative risk transfer market, adding to the supply of risk capital from outside the traditional sector and leading to further pressure on pricing and margins and, potentially, underwriting standards and policy term scope.

These factors point to a structural shift in the insurance market. The availability of insurance risk capital in the low interest rate environment has structurally weakened and hence inhibited the insurance market cycle. A prolonged hardening of the market is therefore unlikely without interest rate rises substantially exceeding those currently expected by the market, barring a “market turning event” of truly unprecedented scale.

This creates a double-edged risk for supervisors – on the one side, long-running depressed profitability coupled with a deterioration in underwriting standards and policy terms and on the other, the risk of disruption in a turning market. Firms should expect to have to respond to requests from supervisors on financial resilience and contingency planning; catastrophe modelling and stress testing will be key areas of supervisory scrutiny. Supervisors will continue to be concerned by the adequacy of rates and reserving, the risk of a gradual softening of policy terms, and whether adequate allowance is being made for extreme events in capital requirements.

Cyber underwriting risk will be an area of special focus, with supervisors concerned that modelling either underestimates the potential scale and impact of cyber exposures or is not capturing the implicit cyber coverage provided by conventional business continuity cover. Supervisors will therefore expect robust scenario testing of potential major cyber events and scenarios from both overt and implied cyber exposures. Supervisors will also expect boards to demonstrate in-depth understanding of cyber risks and firms’ own cyber resilience. A major systemic cyber loss event would undoubtedly harden long term pricing in the cyber market.

Resolution planning will remain within the framework of national regulation in 2018. In 2018 the European Commission will consult on recovery and resolution for the insurance sector, but we do not expect a legislative proposal during the life of this European Parliament.

Disruption and innovation – InsuranceMeeting customers’ changing needs through innovationThe rate of product innovation and disruption in general insurance will accelerate in 2018, as firms further explore the potential of data to develop underwriting, pricing and product delivery. Read more...

Pricing practices will be in regulatory focus, in particular where supervisors perceive risks of financial exclusion. For example, the FCA expects to focus in 2018 on whether certain consumers are systematically affected by pricing practices, whether renewal customers are disadvantaged, and whether information provided to consumers is sufficient to assess the products they are presented with. Firms will need to be able to explain clearly how pricing decisions are made and the types and sources of data used.

2018 will also see a significant level of engagement with supervisors and demand for guidance on the use of data in underwriting and pricing. The implementation of the GDPR will add extra emphasis. Firms and supervisors will also consider the use of a broad spectrum of data, such as social media data, in the course of the insurance product and consumer lifecycle. Precedents for acceptable use of different types of data will emerge over time, extending well beyond 2018.

Innovation will be slow in the life and retirement sector. Barriers to innovation, including uncertainty about how the market will develop, customer inertia and the small sizes of customer retirement funds, will persist in this sector. Supervisors will continue to focus on whether appropriate advice is being provided to consumers at the point of retirement, and on eliminating conflicts of interest in the advice process. The information provided to consumers will be subject to ongoing scrutiny, with a view to its effectiveness in overcoming areas of consumer inertia.

Business model and new regulation – Investment ManagementAsset management business models and new regulationCompetitive pressures coupled with heightened regulatory scrutiny will lead to a steady compression of the margin between active and passive fund management costs, particularly for retail funds, and to increased momentum towards consolidation. Read more...

Many rule changes will go live in 2018, including, MiFID II, PRIIPs, and new rules following the FCA’s Asset Management Market Study in the UK. ESMA will also undertake a large-scale assessment of the reporting of costs and past performance of retail investment products, in order to increase investors’ awareness of the net return on these products and the impact of fees and charges.

Competitive pressure, coupled with continued strong regulatory scrutiny from both fairness and competition perspectives, is likely to lead to a steady compression of the margin between active and passive fund management costs, most notably for retail funds. There is an increasing risk of declining market share and reputational damage for those firms that cannot keep up with the many rule changes, enhanced regulatory expectations and increased competition. In particular, this is likely to affect mid-sized asset management firms and incentivise consolidation.

The most efficient and innovative asset managers will be able to benefit from greater transparency around costs and charges. This includes introducing more innovative, performance-based charging structures to gain an advantage and increase their market share. Specifically, active managers need to have a coherent business model and pricing response to the growing shift towards low cost passive management.

As fee disclosures become more transparent, asset managers need to take a position and explicitly justify their charges to investors. Some larger asset managers have used the focus on fees to demonstrate that they will absorb costs rather than pass them on to investors, prompting a few firms to change their plans and implement the same approach.

Product innovation or greater automation through distribution channels should be considered. Opportunities for greater innovation may, for example, be facilitated through the EU Capital Markets Union initiatives due in 2018. Additionally, there may be scope to develop activities in areas beyond traditional corporate debt markets, to alternative forms of debt finance.

There are also examples of fierce negotiations over the provision of investment research and this could create opportunities for cheaper research platforms to flourish. Asset managers will need to balance the opportunity to negotiate cheaper research costs with the risk of a conflict of interest arising. This is a topic which is likely to continue to attract the scrutiny of regulators.

Systemic risk – Investment ManagementRegulatory responses to systemic risk concernsCalls for more intensive regulation of asset managers due to residual systemic risk concerns will not go away, but we do not expect individual firms to be designated as globally systemically important in the same manner as is the case in banking and insurance. Read more...

Global AUM figures have risen substantially since the financial crisis. EFAMA reported that European AUM alone has grown by 77% during the period 2006 – 2016. It now amounts to a €23 trillion industry.

This growth will trigger further regulatory responses to systemic risk concerns. Regulatory interest will be heightened by asset managers increasing their risk taking activities in response to the retrenchment of banks, and the market instability concerns that arise from the ever growing proportion of global capital flows represented by passive investment and ETFs.

In 2017, the FSB published policy recommendations to address structural vulnerabilities in asset management, and IOSCO is reviewing how national authorities have implemented the recommendations. Both ESMA and the ECB have also commented on the risks associated with the growing asset management sector, signalling a need for industry preparedness.

Supervisors will develop strategies to guard against systemic risk and instability in the event of a severe market downturn. Asset managers will need to respond with longer-term strategic and governance plans that provide the capability to meet fund stress testing requirements. They will also need to ensure appropriate liquidity management controls are in place.

It is increasingly likely that specific prudential tools will be made available to supervisors in the form of higher capital requirements and liquidity restrictions. Nevertheless, since it is not clear that capital is an effective mitigant of these market stability concerns, we expect the use of such tools to be sparing. Fund leverage will, however, come under scrutiny, and managers will need to satisfy supervisors that they are monitoring and measuring synthetic leverage appropriately.

We expect these systemic issues around the asset management sector to generate continuing debate and practical review. However, regulators do not yet seem poised to designate specific asset managers as globally systemically important.

Webcast: Exploring the Outlook 2018

To discuss the Outlook’s predictions and their potential impact on the financial services industry in 2018, Deloitte partners David Strachan, Andrew Bulley, Cindy Chan and Tom Spellman were joined by Alastair Barbour of RSA Insurance, Mark Wharton of Morgan Stanley and Stephen Sanders of JP Morgan.

How our 2017 predictions fared

Looking beyond EMEA

About the EMEA Centre for Regulatory Strategy

The Deloitte Centre for Regulatory Strategy is a powerful resource of information and insight, designed to assist financial institutions manage the complexity and convergence of rapidly increasing new regulation.

With regional hubs in the Americas, Asia Pacific and EMEA, the Centre combines the strength of Deloitte’s regional and international network of experienced risk, regulatory, and industry professionals – including a deep roster of former regulators, industry specialists, and business advisers – with a rich understanding of the impact of regulations on business models and strategy.

Key contacts

Partner | Audit | FSI Leader

Joe has solid experience in the fields of micro, macro policies, banking regulatory & supervisory frameworks. Joe is currently part of the Deloitte EMEA FSI Leaders group and leads the Global financia... More

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see About Deloitte to learn more about our global network of member firms.